Cyber Threat Analysis for 12 May 2016

Analysis & Commentary on the Week’s Cyber Security Issues

The “so what” factor feeds and aggregators don’t give you.

Are You Getting the Most from Your Threat Intelligence Subscription?

Many organizations, in order to ensure they are getting as much intel as possible, subscribe to multiple threat intelligence feeds and spend hundreds of thousands of dollars every year on subscription fees. But in the rush to sign up for the latest and greatest threat subscription, my guess is that most organizations don’t have a good plan for ensuring the information from their multiple feeds can be turned into new protections within their security devices, meaning the ROI for their subscription payments may be extremely low. (Security Week)

Cyber threat intelligence can help you defend your enterprise, but it is not a silver bullet. History is replete with examples of decision-makers not liking or agreeing with flashing red lights in front of them, and then paying the price. On the other hand, decision-makers have to understand that “most dangerous” scenarios are called that for a reason: the probability may be small, but it is not zero. Intelligence is only useful if you have a system in place that enables you to act on it, and you actually do so. With enough time and false alarms you will start to think that because nothing you have been warned about has ever happened nothing will ever happen. That’s the point at which you’re going to devalue intelligence and be caught by “surprise” and intelligence will have “failed” you.

Why Cyber-Criminals Are Always One Step Ahead

Cyber-criminals have an uncanny ability to stay under the radar for long periods of time—making the difficult business of cyber-protection even more difficult. Cyber-security is an ever-evolving undertaking, and the need for enterprises to reassess their security tools is constant. A recent study reveals just how easy it is to purchase or rent havoc-causing malware. “It’s no small feat to keep up with how cyber-criminals operate. Attackers have an incredibly vibrant underground community where they can buy or rent anything from command-and-control infrastructure to sophisticated exploit kits to bare metal malware,” said Steven Newman, CTO of Damballa. (CIO Insight)

The cliche that offense has it easier than defense really only applies when it comes to issues of scale. It is easy to do bad things to a large number of unsuspecting and unsophisticated people. A reasonably protected enterprise is largely opaque to an intruder in the early stages of an attack: intruders have no idea if or when they’ll get caught until it is clear the defenders are blind, deaf, or otherwise not paying attention. Practices, relationships, and mechanisms that enable you to learn and work at scale help to even the odds. Information sharing, services that provide herd immunity, and services/tools that shorten the time between infection and detection are not necessarily glamorous, but they help you keep pace with the threat.

Why Physical Security Professionals Need to Get to Grips with Cyber Security

In today’s connected workplace, weak links in security systems can be the easiest way for hackers to get onto a network. Those culpable for inviting outsiders in sometimes include: manufacturers, who push out unsecured products until end-users stump up; installers, who leave systems running with default passwords; and end-users, who unknowingly open up networks, leaving their organisations vulnerable to attack. (IFSec Global)

Default passwords and other configuration follies are the physical security device equivalent of ‘password123’ on routers and maintenance accounts. The ability to control such devices unbeknownst to system users provides attackers with a range of options, from ‘eye in the sky’ enabled credential acquisition, to insider-level knowledge that can enable and support physical compromise. Physical security systems were IoT before IoT was a thing, and their importance – and the potential risk they pose – is only going to grow. Make friends with your counterpart in physical security to make sure you’re not inadvertently working against each other.

The Cyber Threat: [Administration] Policies Toward Hackers From China, Iran, Syria Produce Few Results

Recent federal indictments of Iranians and Syrians for cyber attacks on U.S. networks further highlight the failure of [the current administration] to counter the growing threat of foreign hacker strikes on American networks. The indictments are largely symbolic, since none of the Iranians or Syrians are within reach of U.S. law enforcement and the chances the hackers will ever face justice in a courtroom are slim. Like many of [the administration’s] foreign policies, the indictments appear designed to provide political cover by adopting seemingly proactive measures, but without having much impact. (Free Beacon)

Declaring policies on cyber threats as ineffective is good politics, but legacy political models for dealing with these issues are inadequate regardless of your party affiliation. Indictments on the domestic front, international efforts to cyber-ize cold-war-like practices, both are signs that the legacy policy establishment is largely devoid of meaningful solutions to the problems we face. Rather than shoe-horn legacy futures into a modern context, we should be working towards novel solutions that reflect the world as it is, not as we wish it to be. Security practitioners can think of few things less attractive than policy development, yet it is a skill that must be mastered if we hope to avoid a world where math is banned and knowing how to code casts a pall of suspicion upon you.

Business failing to learn lessons of past cyber attacks, report shows

Business and other organisations are failing to learn the lessons of past cyber attacks, the latest Verizon Data Breach Investigations Report (DBIR) reveals. The analysis of 2,260 breaches and more than 100,000 incidents at 67 organisations in 82 countries shows that organisations are still failing to address basic issues and well-known attack methods. “This year’s study underlines that things are not getting better,” said Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions. “We continue to see the same kind of attacks exploiting the same vulnerabilities because many organisations still lack basic defences.” (Computer Weekly)

Your regular (sadly) reminder that it is a focus on fundamentals that will bring about the biggest improvements in your cyber security posture.